Re: sql injection: url or form based?

From: dork@gmx.at
Date: Fri Feb 10 2006 - 14:13:15 EST


hi!

basically, sql injection may occur on any variable that does not come from the
application itself to be written into a database via sql. the easiest way is
GET variables, followed by POST. but do not forget values in cookies and/or
maybe various other HTTP headers (referer, user-agent, language preferences)
that might be written to a database for statistical reasons, validations, or
accessed for session handling.
not to forget raw post requests containing xml, xml-rpc, soap or some binary
format used by flash, and filenames in upload forms.
depending on the setup of webserver and application, even variables passed by
the httpd to the script interpreter/application can be used for injections
(e.g. $_SERVER in php cannot be fully trusted).

or in general: any value given by the user may be vulnerable to injections and
overflows.

ad essential differences: GET is easier, does not need an extra client or
extra work to test and it's the place to start at. in some environments, the
transport of a key-value pair is not visible to a web app (e.g. autoglobals).
in this case, a deleted cookie can be replaced by url manipulation (following
GPC order).

i'd recommend the usage of curl and the firefox tamper-data extension for
tests above GET.

have a nice weekend.

On Friday 10 February 2006 07:06, johnny Mnemonic wrote:
> I see many references to manipulation of SQL backend databases through both
> URL based and Forms based SQL injection but I'm wondering what are the
> essential differences between both methods and when to use one over the
> other.
> Thanks.




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:29 EDT
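
Added example, not part of the original post: a hit logger that writes the User-Agent, Referer and a session cookie to a statistics table, first by string concatenation and then with bound parameters, to show that header and cookie values need the same handling as GET and POST variables. The `hits` table, the function names and the sample request (including its hostnames) are constructed for illustration, and Python with sqlite3 stands in for whatever stack the application uses.

```python
import sqlite3

# Constructed request: every field below is client-controlled,
# not only the query string.
SAMPLE_REQUEST = {
    "get": {"page": "home"},
    "cookies": {"sid": "abc123"},
    "headers": {
        # A header value that closes the quoted string and supplies its own referer.
        "User-Agent": "Mozilla/5.0 (X11; Linux)', 'https://forged.example/') --",
        "Referer": "https://real.example/start",
    },
}


def new_db():
    """In-memory statistics table (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE hits (page TEXT, sid TEXT, agent TEXT, referer TEXT)")
    return db


def log_hit_concat(db, req):
    """Vulnerable: header and cookie values are pasted into the SQL text."""
    sql = ("INSERT INTO hits (page, sid, agent, referer) "
           "VALUES ('%s', '%s', '%s', '%s')"
           % (req["get"]["page"], req["cookies"]["sid"],
              req["headers"]["User-Agent"], req["headers"]["Referer"]))
    db.execute(sql)


def log_hit_bound(db, req):
    """Hardened: same statement, all four values passed as bound parameters."""
    db.execute(
        "INSERT INTO hits (page, sid, agent, referer) VALUES (?, ?, ?, ?)",
        (req["get"]["page"], req["cookies"]["sid"],
         req["headers"]["User-Agent"], req["headers"]["Referer"]),
    )


def stored_row(log_fn, req=SAMPLE_REQUEST):
    """Log one request into a fresh table and return the row that was stored."""
    db = new_db()
    log_fn(db, req)
    return db.execute("SELECT page, sid, agent, referer FROM hits").fetchone()
```

With the concatenating logger the stored referer is the one carried inside the User-Agent header; with bound parameters the header is stored verbatim as data and the real Referer is kept.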